Deribit loses $28 million after hot wallet hack

By: SCORECHAIN

Date: November 3rd 2022

Published on: Global News, Investigation

Tags: BTC, Crypto AML, ETH, exchange, Hack, Hot wallet, USDC

Deribit is a crypto exchange based in Panama and launched in June 2016. It is a well-known cryptocurrency futures and options exchange that allows crypto traders to implement derivatives trading strategies for Bitcoin (BTC), Ethereum (ETH), and Solana (SOL). On November 2nd, Deribit announced it had suffered a $28-million hack targeting its hot wallets.

Deribit hack: what happened?

On November 2nd, Deribit announced it had suffered a $28-million hack targeting its hot wallets. The hack affected Deribit’s BTC, ETH, and USDC hot wallets only, and the exchange stated that none of the assets held in cold storage were at risk. Following the hack, the exchange announced that it was freezing withdrawals. On November 3rd, it announced that it was re-opening withdrawals for BTC, ETH, and USDC.

Deribit hot wallet compromised, but client funds are safe and loss is covered by company reserves

Our hot wallet was hacked for USD 28m earlier this evening just before midnight UTC on 1 November 2022.

— Deribit (@DeribitExchange) November 2, 2022

The company also revealed that its procedure is to store 99% of user funds in cold wallets to limit the impact in the event of a security breach or hack.

According to Deribit, the exchange’s insurance fund will not be impacted by the hack. The company also announced that it would cover the loss with the company’s reserves and declared that “Deribit remains in a financially sound position and ongoing operations will not be impacted.”

Before that, other exchanges were victims of hot wallet hacks, such as Binance, Bitmart, Liquid, Bitpoint, or Bithumb. Hacking incidents have been on the rise in recent months, with a record-high of funds stolen in October.

What is the difference between hot and cold wallets?

A hot wallet is a crypto wallet hosted online by a third-party platform. Users therefore don’t directly control the wallet’s private keys, since these are also stored online. Hot wallets are easier to use and facilitate the transfer of crypto assets. They are generally safe for day traders and users who do not work with large amounts of crypto assets.

Cold wallets are offline devices used to store crypto assets. With cold wallets, users remain in total control of their private keys.

In other words, hot wallets are frequently used and are generally not as strictly protected as cold wallets. Therefore, hot wallets are considered less safe than cold wallets or hardware wallets.

Following the funds related to the Deribit hack

Scorechain quickly updated its database with the related addresses, so users are notified in case of exposure to these stolen funds. The two addresses related to the hack are:

  • bc1qw5g8lw4kzltpdcraehy2dt6dqda8080xd6vhl4kg4wwsypwerg9s3x6pvk
  • 0xb0606F433496BF66338b8AD6b6d51fC4D84A44CD

[Figure: One address related to the Deribit hack flagged in Scorechain Analytics]

The total amount stolen from Deribit’s hot wallets amounts to $28,416,900.09 and breaks down as follows:

  • 691 BTC worth $14,160,100;
  • 6,967 ETH worth $10,906,268; and
  • 3,412,950.9 USDC worth $3,412,950.9.

[Figure: Amount of USDC stolen from Deribit]

The hackers quickly swapped the stolen USDC for ETH on the decentralized exchange (DEX) Uniswap.

[Figure: Visualization of DEX swaps in Scorechain’s Investigation Tool]

For now, the stolen funds remain in the two wallets controlled by the hackers. The Scorechain Team has set up alerts to keep on monitoring the funds stolen from Deribit.

  • 691.13 BTC at bc1qw5g8lw4; and
  • 9,111.592 ETH (including the swapped USDC) at 0xb0606F433496.

[Figure: Current location of the funds stolen from Deribit]

Scorechain’s blockchain analytics and compliance solution has helped over 200 customers in their crypto compliance journey. As hack-related funds carry a high level of risk in terms of money laundering and terrorism financing, it is essential for companies to monitor their crypto asset activities against exposure to such funds. Discover how Scorechain can help you in this process and how you can apply enhanced AML/CFT checks on crypto asset transactions with Scorechain Analytics.

Deribit hack updates

November 7

Over the weekend, Scorechain received automatic notifications that funds related to the hacking incident were on the move.

[Figure: Scorechain’s email alert notification]

On November 5, Scorechain’s system identified several transactions going out of one of the hackers’ addresses. Within 3 hours, the hackers sent 1,610 ETH, about $2.6 million in total, to the Tornado Cash mixer in one transaction of 10 ETH and 16 transactions of 100 ETH.

[Figure: Scorechain’s Investigation Tool]

For now, the Ethereum wallet linked to the Deribit hack still holds 7,501.38 ETH. The Bitcoin stash has still not been moved.

November 8

Yesterday, Scorechain received another notification that stolen funds were moving out of one of the hackers’ Ethereum wallets. The hackers sent the rest of the balance, 7,499 ETH worth over $11 million, to Tornado Cash via an intermediate wallet 0x3089df0e2349faea1c8ec4a08593c137da10fe2d.

[Figure: Scorechain’s Investigation Tool]

The hackers sent the remaining funds (7,501.378 ETH) in one transaction to the intermediate wallet. From there, the funds (7,499 ETH) reached Tornado Cash in 92 transactions. The intermediate wallet has a current balance of 0.118 ETH.

All of the stolen ETH has been sent to the Tornado Cash mixer, a total of 9,109 ETH, worth over $13 million.

The stolen Bitcoin funds are, for now, still sitting in the hackers’ wallet.
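
The alerting described in the updates above can be expressed as forward taint tracing over transfer records: start from the flagged address, follow outflows through intermediate wallets up to a hop limit, and alert on every deposit to a mixer. This is an added example, not Scorechain's code; the transfers are constructed, the mixer is a placeholder label rather than a real contract address, and `trace_exposure` with its `max_hops` parameter is hypothetical.

```python
from decimal import Decimal

HACKER = "0xb0606F433496BF66338b8AD6b6d51fC4D84A44CD"        # flagged in the article
INTERMEDIATE = "0x3089df0e2349faea1c8ec4a08593c137da10fe2d"  # named in the article
MIXER = "mixer-pool-placeholder"  # placeholder label, not a real contract address
BYSTANDER = "0x" + "11" * 20      # constructed, unrelated address

# Constructed transfers in chronological order: (sender, receiver, ETH amount).
# They follow the article's narrative; the mixer deposits are abbreviated.
SAMPLE_TRANSFERS = [
    (BYSTANDER, MIXER, "1"),            # unrelated deposit, must not alert
    (INTERMEDIATE, BYSTANDER, "0.5"),   # sent before taint arrives, must not alert
    (HACKER, MIXER, "10"),
    (HACKER, MIXER, "100"),
    (HACKER, INTERMEDIATE, "7501.378"),
    (INTERMEDIATE, MIXER, "100"),
    (INTERMEDIATE, MIXER, "100"),
]


def trace_exposure(transfers, watchlist, mixers, max_hops=2):
    """Return (alerts, ETH sent to mixers) for funds leaving watchlisted addresses."""
    hops = {addr.lower(): 0 for addr in watchlist}  # traced address -> hop distance
    mixers = {m.lower() for m in mixers}
    alerts, mixer_total = [], Decimal("0")
    for sender, receiver, amount in transfers:
        sender, receiver = sender.lower(), receiver.lower()
        if sender not in hops:
            continue  # sender holds no traced funds at this point in time
        value = Decimal(amount)
        if receiver in mixers:
            kind = "mixer_deposit"
            mixer_total += value
        else:
            kind = "outflow"
            # Taint the receiver only within the hop budget; keep the shortest path.
            if hops[sender] < max_hops:
                hops[receiver] = min(hops.get(receiver, max_hops), hops[sender] + 1)
        alerts.append({"kind": kind, "from": sender, "to": receiver,
                       "eth": value, "hops": hops[sender]})
    return alerts, mixer_total


if __name__ == "__main__":
    found, total = trace_exposure(SAMPLE_TRANSFERS, {HACKER}, {MIXER})
    for alert in found:
        print(alert)
    print("ETH sent to mixer from traced addresses:", total)
```

Because every receiver of traced funds becomes traced, the hop limit is what keeps a single deposit into a busy service address from flagging all of that service's later activity.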

About Scorechain

Scorechain is a Risk-AML software provider for cryptocurrencies and digital assets. As a leader in crypto compliance, the Luxembourgish company has helped over 200 customers in 45 countries since 2015, ranging from cryptocurrency businesses to financial institutions with crypto trading, custody branch, digital assets, customers onboarding, audit and law firms, and some LEAs.

The Scorechain solution supports Bitcoin analytics with Lightning Network detection, Ethereum analytics with all ERC20 tokens and stablecoins, Litecoin, Bitcoin Cash, Dash, XRP Ledger, Tezos, Tron with TRC10 and TRC20 tokens, and BSC with BEP20 tokens. The software can de-anonymize blockchain data and connect with sanction lists to provide risk scoring on digital assets, transactions, addresses, and entities. The risk assessment methodology applied by Scorechain has been verified and can be fully customized to fit all jurisdictions. 300+ risk-AML scenarios are provided to its customers with a wide range of risk indicators so businesses under the scope of the crypto regulation can report suspicious activity to authorities with enhanced due diligence.
